1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_control_manager_host_impl.h"
17
18 #include "app_log_tag_wrapper.h"
19 #include "app_log_wrapper.h"
20 #include "appexecfwk_errors.h"
21 #include "app_control_constants.h"
22 #include "bundle_mgr_service.h"
23 #include "bundle_permission_mgr.h"
24 #include "bundle_service_constants.h"
25 #include "event_report.h"
26 #include "ipc_skeleton.h"
27
28 namespace OHOS {
29 namespace AppExecFwk {
30 namespace {
31 constexpr const char* PERMISSION_DISPOSED_STATUS = "ohos.permission.MANAGE_DISPOSED_APP_STATUS";
32 constexpr const char* PERMISSION_GET_DISPOSED_STATUS = "ohos.permission.GET_DISPOSED_APP_STATUS";
33 }
AppControlManagerHostImpl()34 AppControlManagerHostImpl::AppControlManagerHostImpl()
35 {
36 appControlManager_ = DelayedSingleton<AppControlManager>::GetInstance();
37 dataMgr_ = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
38 callingNameMap_ = {
39 {AppControlConstants::EDM_UID, AppControlConstants::EDM_CALLING}
40 };
41 ruleTypeMap_ = {
42 {AppInstallControlRuleType::DISALLOWED_UNINSTALL, AppControlConstants::APP_DISALLOWED_UNINSTALL},
43 {AppInstallControlRuleType::ALLOWED_INSTALL, AppControlConstants::APP_ALLOWED_INSTALL},
44 {AppInstallControlRuleType::DISALLOWED_INSTALL, AppControlConstants::APP_DISALLOWED_INSTALL}
45 };
46 }
47
~AppControlManagerHostImpl()48 AppControlManagerHostImpl::~AppControlManagerHostImpl()
49 {
50 }
51
AddAppInstallControlRule(const std::vector<std::string> & appIds,const AppInstallControlRuleType controlRuleType,int32_t userId)52 ErrCode AppControlManagerHostImpl::AddAppInstallControlRule(const std::vector<std::string> &appIds,
53 const AppInstallControlRuleType controlRuleType, int32_t userId)
54 {
55 LOG_D(BMS_TAG_DEFAULT, "AddAppInstallControlRule start");
56 std::string callingName = GetCallingName();
57 std::string ruleType = GetControlRuleType(controlRuleType);
58 if (callingName.empty()) {
59 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
60 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
61 }
62 if (ruleType.empty()) {
63 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
64 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
65 }
66 if (!appControlManager_) {
67 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
68 return ERR_APPEXECFWK_NULL_PTR;
69 }
70 auto ret = appControlManager_->AddAppInstallControlRule(callingName, appIds, ruleType, userId);
71 if (ret != ERR_OK) {
72 LOG_E(BMS_TAG_DEFAULT, "AddAppInstallControlRule failed due to error %{public}d", ret);
73 return ret;
74 }
75 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
76 UpdateAppControlledInfo(userId, appIds);
77 }
78 return ERR_OK;
79 }
80
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,const std::vector<std::string> & appIds,int32_t userId)81 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
82 const std::vector<std::string> &appIds, int32_t userId)
83 {
84 LOG_D(BMS_TAG_DEFAULT, "DeleteAppInstallControlRule start");
85 std::string ruleType = GetControlRuleType(controlRuleType);
86 if (ruleType.empty()) {
87 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
88 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
89 }
90 std::string callingName = GetCallingName();
91 if (callingName.empty()) {
92 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
93 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
94 }
95 if (!appControlManager_) {
96 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
97 return ERR_APPEXECFWK_NULL_PTR;
98 }
99 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, appIds, userId);
100 if (ret != ERR_OK) {
101 LOG_E(BMS_TAG_DEFAULT, "DeleteAppInstallControlRule failed due to error %{public}d", ret);
102 return ret;
103 }
104 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
105 UpdateAppControlledInfo(userId, appIds);
106 }
107 return ERR_OK;
108 }
109
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId)110 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
111 int32_t userId)
112 {
113 LOG_D(BMS_TAG_DEFAULT, "CleanAppInstallControlRule start");
114 std::string callingName = GetCallingName();
115 std::string ruleType = GetControlRuleType(controlRuleType);
116 if (callingName.empty()) {
117 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
118 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
119 }
120 if (ruleType.empty()) {
121 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
122 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
123 }
124 if (!appControlManager_) {
125 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
126 return ERR_APPEXECFWK_NULL_PTR;
127 }
128 std::vector<std::string> modifyAppIds;
129 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
130 auto ret = appControlManager_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
131 ruleType, userId, modifyAppIds);
132 if (ret != ERR_OK) {
133 LOG_W(BMS_TAG_DEFAULT, "GetAppInstallControlRule failed code:%{public}d", ret);
134 }
135 }
136 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, userId);
137 if (ret != ERR_OK) {
138 LOG_E(BMS_TAG_DEFAULT, "CleanAppInstallControlRule failed due to error %{public}d", ret);
139 return ret;
140 }
141 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
142 UpdateAppControlledInfo(userId, modifyAppIds);
143 }
144 return ERR_OK;
145 }
146
GetAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId,std::vector<std::string> & appIds)147 ErrCode AppControlManagerHostImpl::GetAppInstallControlRule(
148 const AppInstallControlRuleType controlRuleType, int32_t userId, std::vector<std::string> &appIds)
149 {
150 LOG_D(BMS_TAG_DEFAULT, "GetAppInstallControlRule start");
151 std::string callingName = GetCallingName();
152 std::string ruleType = GetControlRuleType(controlRuleType);
153 if (callingName.empty()) {
154 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
155 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
156 }
157 if (ruleType.empty()) {
158 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
159 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
160 }
161 if (!appControlManager_) {
162 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
163 return ERR_APPEXECFWK_NULL_PTR;
164 }
165 return appControlManager_->GetAppInstallControlRule(callingName, ruleType, userId, appIds);
166 }
167
AddAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)168 ErrCode AppControlManagerHostImpl::AddAppRunningControlRule(
169 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
170 {
171 std::string callingName = GetCallingName();
172 if (callingName.empty()) {
173 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
174 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
175 }
176 if (!appControlManager_) {
177 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
178 return ERR_APPEXECFWK_NULL_PTR;
179 }
180 return appControlManager_->AddAppRunningControlRule(callingName, controlRules, userId);
181 }
182
DeleteAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)183 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(
184 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
185 {
186 std::string callingName = GetCallingName();
187 if (callingName.empty()) {
188 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
189 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
190 }
191 return appControlManager_->DeleteAppRunningControlRule(callingName, controlRules, userId);
192 }
193
DeleteAppRunningControlRule(int32_t userId)194 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(int32_t userId)
195 {
196 std::string callingName = GetCallingName();
197 if (callingName.empty()) {
198 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
199 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
200 }
201 if (!appControlManager_) {
202 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
203 return ERR_APPEXECFWK_NULL_PTR;
204 }
205 return appControlManager_->DeleteAppRunningControlRule(callingName, userId);
206 }
207
GetAppRunningControlRule(int32_t userId,std::vector<std::string> & appIds)208 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(int32_t userId, std::vector<std::string> &appIds)
209 {
210 std::string callingName = GetCallingName();
211 if (callingName.empty()) {
212 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
213 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
214 }
215 return appControlManager_->GetAppRunningControlRule(callingName, userId, appIds);
216 }
217
GetAppRunningControlRule(const std::string & bundleName,int32_t userId,AppRunningControlRuleResult & controlRuleResult)218 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(
219 const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRuleResult)
220 {
221 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
222 if (uid != AppControlConstants::FOUNDATION_UID) {
223 LOG_W(BMS_TAG_DEFAULT, "calling permission denied, uid : %{public}d, pid : %{public}d",
224 uid, OHOS::IPCSkeleton::GetCallingPid());
225 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
226 }
227 if (!appControlManager_) {
228 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
229 return ERR_APPEXECFWK_NULL_PTR;
230 }
231 return appControlManager_->GetAppRunningControlRule(bundleName, userId, controlRuleResult);
232 }
233
ConfirmAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId)234 ErrCode AppControlManagerHostImpl::ConfirmAppJumpControlRule(const std::string &callerBundleName,
235 const std::string &targetBundleName, int32_t userId)
236 {
237 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
238 if (uid != AppControlConstants::FOUNDATION_UID) {
239 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
240 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
241 }
242 return appControlManager_->ConfirmAppJumpControlRule(callerBundleName, targetBundleName, userId);
243 }
244
AddAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)245 ErrCode AppControlManagerHostImpl::AddAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
246 int32_t userId)
247 {
248 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
249 if (uid != AppControlConstants::FOUNDATION_UID) {
250 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
251 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
252 }
253 if (!appControlManager_) {
254 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
255 return ERR_APPEXECFWK_NULL_PTR;
256 }
257 return appControlManager_->AddAppJumpControlRule(controlRules, userId);
258 }
259
DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)260 ErrCode AppControlManagerHostImpl::DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
261 int32_t userId)
262 {
263 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
264 if (uid != AppControlConstants::FOUNDATION_UID) {
265 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
266 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
267 }
268 if (!appControlManager_) {
269 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
270 return ERR_APPEXECFWK_NULL_PTR;
271 }
272 return appControlManager_->DeleteAppJumpControlRule(controlRules, userId);
273 }
274
DeleteRuleByCallerBundleName(const std::string & callerBundleName,int32_t userId)275 ErrCode AppControlManagerHostImpl::DeleteRuleByCallerBundleName(const std::string &callerBundleName, int32_t userId)
276 {
277 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
278 if (uid != AppControlConstants::FOUNDATION_UID) {
279 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
280 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
281 }
282 if (!appControlManager_) {
283 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
284 return ERR_APPEXECFWK_NULL_PTR;
285 }
286 return appControlManager_->DeleteRuleByCallerBundleName(callerBundleName, userId);
287 }
288
DeleteRuleByTargetBundleName(const std::string & targetBundleName,int32_t userId)289 ErrCode AppControlManagerHostImpl::DeleteRuleByTargetBundleName(const std::string &targetBundleName, int32_t userId)
290 {
291 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
292 if (uid != AppControlConstants::FOUNDATION_UID) {
293 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
294 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
295 }
296 return appControlManager_->DeleteRuleByTargetBundleName(targetBundleName, userId);
297 }
298
GetAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId,AppJumpControlRule & controlRule)299 ErrCode AppControlManagerHostImpl::GetAppJumpControlRule(const std::string &callerBundleName,
300 const std::string &targetBundleName, int32_t userId, AppJumpControlRule &controlRule)
301 {
302 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
303 if (uid != AppControlConstants::FOUNDATION_UID) {
304 LOG_W(BMS_TAG_DEFAULT, "calling permission denied, uid : %{public}d", uid);
305 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
306 }
307 if (!appControlManager_) {
308 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
309 return ERR_APPEXECFWK_NULL_PTR;
310 }
311 return appControlManager_->GetAppJumpControlRule(callerBundleName, targetBundleName, userId, controlRule);
312 }
313
GetCallingName()314 std::string AppControlManagerHostImpl::GetCallingName()
315 {
316 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
317 auto item = callingNameMap_.find(uid);
318 if (item == callingNameMap_.end()) {
319 LOG_W(BMS_TAG_DEFAULT, "calling uid is invalid, uid : %{public}d", uid);
320 return "";
321 }
322 return item->second;
323 }
324
GetControlRuleType(const AppInstallControlRuleType controlRuleType)325 std::string AppControlManagerHostImpl::GetControlRuleType(const AppInstallControlRuleType controlRuleType)
326 {
327 auto item = ruleTypeMap_.find(controlRuleType);
328 if (item == ruleTypeMap_.end()) {
329 LOG_W(BMS_TAG_DEFAULT, "controlRuleType:%{public}d is invalid", static_cast<int32_t>(controlRuleType));
330 return "";
331 }
332 return item->second;
333 }
334
GetCallingUserId()335 int32_t AppControlManagerHostImpl::GetCallingUserId()
336 {
337 return OHOS::IPCSkeleton::GetCallingUid() / Constants::BASE_USER_RANGE;
338 }
339
SetDisposedStatus(const std::string & appId,const Want & want,int32_t userId)340 ErrCode AppControlManagerHostImpl::SetDisposedStatus(const std::string &appId, const Want &want, int32_t userId)
341 {
342 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedStatus");
343 if (!BundlePermissionMgr::IsSystemApp()) {
344 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
345 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
346 }
347 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
348 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
349 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
350 }
351 if (userId == Constants::UNSPECIFIED_USERID) {
352 userId = GetCallingUserId();
353 }
354 if (!appControlManager_) {
355 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
356 return ERR_APPEXECFWK_NULL_PTR;
357 }
358 ErrCode ret = appControlManager_->SetDisposedStatus(appId, want, userId);
359 if (ret != ERR_OK) {
360 LOG_W(BMS_TAG_DEFAULT, "host SetDisposedStatus error:%{public}d", ret);
361 }
362 return ret;
363 }
364
DeleteDisposedStatus(const std::string & appId,int32_t userId)365 ErrCode AppControlManagerHostImpl::DeleteDisposedStatus(const std::string &appId, int32_t userId)
366 {
367 LOG_D(BMS_TAG_DEFAULT, "host begin to DeleteDisposedStatus");
368 if (!BundlePermissionMgr::IsSystemApp()) {
369 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
370 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
371 }
372 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
373 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
374 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
375 }
376 if (userId == Constants::UNSPECIFIED_USERID) {
377 userId = GetCallingUserId();
378 }
379 if (!appControlManager_) {
380 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
381 return ERR_APPEXECFWK_NULL_PTR;
382 }
383 ErrCode ret = appControlManager_->DeleteDisposedStatus(appId, userId);
384 if (ret != ERR_OK) {
385 LOG_W(BMS_TAG_DEFAULT, "host DeletetDisposedStatus error:%{public}d", ret);
386 }
387 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
388 std::string callerName;
389 GetCallerByUid(uid, callerName);
390 if (userId == Constants::UNSPECIFIED_USERID) {
391 userId = GetCallingUserId();
392 }
393 ret = appControlManager_->DeleteDisposedRule(callerName, appId, Constants::MAIN_APP_INDEX, userId);
394
395 return ret;
396 }
397
GetDisposedStatus(const std::string & appId,Want & want,int32_t userId)398 ErrCode AppControlManagerHostImpl::GetDisposedStatus(const std::string &appId, Want &want, int32_t userId)
399 {
400 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedStatus");
401 if (!BundlePermissionMgr::IsSystemApp()) {
402 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
403 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
404 }
405 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
406 PERMISSION_GET_DISPOSED_STATUS})) {
407 LOG_W(BMS_TAG_DEFAULT, "verify get disposed status permission failed");
408 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
409 }
410 if (userId == Constants::UNSPECIFIED_USERID) {
411 userId = GetCallingUserId();
412 }
413 if (!appControlManager_) {
414 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
415 return ERR_APPEXECFWK_NULL_PTR;
416 }
417 ErrCode ret = appControlManager_->GetDisposedStatus(appId, want, userId);
418 if (ret != ERR_OK) {
419 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
420 }
421 return ret;
422 }
423
UpdateAppControlledInfo(int32_t userId,const std::vector<std::string> & modifyAppIds) const424 void AppControlManagerHostImpl::UpdateAppControlledInfo(int32_t userId,
425 const std::vector<std::string> &modifyAppIds) const
426 {
427 LOG_D(BMS_TAG_DEFAULT, "start to UpdateAppControlledInfo under userId %{public}d", userId);
428 std::vector<std::string> appIds;
429 if (!appControlManager_) {
430 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
431 return;
432 }
433 ErrCode ret = appControlManager_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
434 AppControlConstants::APP_DISALLOWED_UNINSTALL, userId, appIds);
435 if (ret != ERR_OK) {
436 LOG_W(BMS_TAG_DEFAULT, "not update GetAppInstallControlRule failed code:%{public}d", ret);
437 return;
438 }
439 auto bundleInfos = dataMgr_->GetAllInnerBundleInfos();
440 for (const auto &info : bundleInfos) {
441 InnerBundleUserInfo userInfo;
442 if (!info.second.GetInnerBundleUserInfo(userId, userInfo)) {
443 LOG_W(BMS_TAG_DEFAULT, "current bundle (%{public}s) is not installed at current userId (%{public}d)",
444 info.first.c_str(), userId);
445 continue;
446 }
447 auto iterator = std::find(appIds.begin(), appIds.end(), info.second.GetAppId());
448 bool isRemovable = (iterator != appIds.end()) ? false : true;
449 if (userInfo.isRemovable != isRemovable) {
450 LOG_I(BMS_TAG_DEFAULT, "current bundle (%{public}s) change removable at userId (%{public}d)",
451 info.first.c_str(), userId);
452 userInfo.isRemovable = isRemovable;
453 dataMgr_->AddInnerBundleUserInfo(info.first, userInfo);
454 }
455 auto modifyAppIdsIterator = std::find(modifyAppIds.begin(), modifyAppIds.end(), info.second.GetAppId());
456 if (modifyAppIdsIterator != modifyAppIds.end()) {
457 AbilityInfo mainAbilityInfo;
458 info.second.GetMainAbilityInfo(mainAbilityInfo);
459 NotifyBundleEvents installRes = {
460 .isModuleUpdate = false,
461 .type = NotifyType::UNINSTALL_STATE,
462 .resultCode = ERR_OK,
463 .accessTokenId = info.second.GetAccessTokenId(userId),
464 .uid = info.second.GetUid(userId),
465 .bundleType = static_cast<int32_t>(info.second.GetApplicationBundleType()),
466 .bundleName = info.second.GetBundleName(),
467 .modulePackage = info.second.GetModuleNameVec()[0],
468 .abilityName = mainAbilityInfo.name,
469 .appDistributionType = info.second.GetAppDistributionType(),
470 };
471 std::shared_ptr<BundleCommonEventMgr> commonEventMgr = std::make_shared<BundleCommonEventMgr>();
472 commonEventMgr->NotifyBundleStatus(installRes, dataMgr_);
473 }
474 }
475 }
476
GetCallerByUid(const int32_t uid,std::string & callerName)477 void AppControlManagerHostImpl::GetCallerByUid(const int32_t uid, std::string &callerName)
478 {
479 auto item = callingNameMap_.find(uid);
480 if (item != callingNameMap_.end()) {
481 callerName = item->second;
482 return;
483 }
484 auto ret = dataMgr_->GetNameForUid(uid, callerName);
485 if (ret != ERR_OK) {
486 LOG_W(BMS_TAG_DEFAULT, "caller not recognized");
487 callerName = std::to_string(uid);
488 }
489 }
490
GetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)491 ErrCode AppControlManagerHostImpl::GetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
492 {
493 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedRule");
494 if (!BundlePermissionMgr::IsSystemApp()) {
495 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
496 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
497 }
498 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
499 PERMISSION_GET_DISPOSED_STATUS})) {
500 LOG_W(BMS_TAG_DEFAULT, "verify get disposed rule permission failed");
501 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
502 }
503
504 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
505 std::string callerName;
506 GetCallerByUid(uid, callerName);
507 if (userId == Constants::UNSPECIFIED_USERID) {
508 userId = GetCallingUserId();
509 }
510 if (!appControlManager_) {
511 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
512 return ERR_APPEXECFWK_NULL_PTR;
513 }
514 auto ret = appControlManager_->GetDisposedRule(callerName, appId, rule, Constants::MAIN_APP_INDEX, userId);
515 if (ret != ERR_OK) {
516 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
517 }
518 return ret;
519 }
520
SetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)521 ErrCode AppControlManagerHostImpl::SetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
522 {
523 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedRule");
524 if (!BundlePermissionMgr::IsSystemApp()) {
525 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
526 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
527 }
528 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
529 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
530 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
531 }
532
533 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
534 std::string callerName;
535 GetCallerByUid(uid, callerName);
536 if (uid == AppControlConstants::EDM_UID) {
537 rule.isEdm = true;
538 }
539 if (userId == Constants::UNSPECIFIED_USERID) {
540 userId = GetCallingUserId();
541 }
542 if (!appControlManager_) {
543 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
544 return ERR_APPEXECFWK_NULL_PTR;
545 }
546 auto ret = appControlManager_->SetDisposedRule(callerName, appId, rule, Constants::MAIN_APP_INDEX, userId);
547 if (ret != ERR_OK) {
548 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
549 }
550 return ret;
551 }
552
GetAbilityRunningControlRule(const std::string & bundleName,int32_t userId,std::vector<DisposedRule> & disposedRules,int32_t appIndex)553 ErrCode AppControlManagerHostImpl::GetAbilityRunningControlRule(const std::string &bundleName, int32_t userId,
554 std::vector<DisposedRule>& disposedRules, int32_t appIndex)
555 {
556 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
557 if (uid != AppControlConstants::FOUNDATION_UID) {
558 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
559 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
560 }
561 if (!appControlManager_) {
562 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
563 return ERR_APPEXECFWK_NULL_PTR;
564 }
565 return appControlManager_->GetAbilityRunningControlRule(bundleName, appIndex, userId,
566 disposedRules);
567 }
568
GetDisposedRuleForCloneApp(const std::string & appId,DisposedRule & rule,int32_t appIndex,int32_t userId)569 ErrCode AppControlManagerHostImpl::GetDisposedRuleForCloneApp(const std::string &appId, DisposedRule &rule,
570 int32_t appIndex, int32_t userId)
571 {
572 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedRuleForCloneApp");
573 if (!BundlePermissionMgr::IsSystemApp()) {
574 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
575 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
576 }
577 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
578 PERMISSION_GET_DISPOSED_STATUS})) {
579 LOG_W(BMS_TAG_DEFAULT, "verify get disposed rule permission failed");
580 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
581 }
582 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
583 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
584 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
585 }
586 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
587 std::string callerName;
588 GetCallerByUid(uid, callerName);
589 if (userId == Constants::UNSPECIFIED_USERID) {
590 userId = GetCallingUserId();
591 }
592 if (!appControlManager_) {
593 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
594 return ERR_APPEXECFWK_NULL_PTR;
595 }
596 auto ret = appControlManager_->GetDisposedRule(callerName, appId, rule, appIndex, userId);
597 if (ret != ERR_OK) {
598 LOG_W(BMS_TAG_DEFAULT, "GetDisposedRuleForCloneApp error:%{public}d, appIndex:%{public}d", ret, appIndex);
599 }
600 return ret;
601 }
602
SetDisposedRuleForCloneApp(const std::string & appId,DisposedRule & rule,int32_t appIndex,int32_t userId)603 ErrCode AppControlManagerHostImpl::SetDisposedRuleForCloneApp(const std::string &appId, DisposedRule &rule,
604 int32_t appIndex, int32_t userId)
605 {
606 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedRuleForCloneApp");
607 if (!BundlePermissionMgr::IsSystemApp()) {
608 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
609 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
610 }
611 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
612 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
613 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
614 }
615 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
616 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
617 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
618 }
619 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
620 std::string callerName;
621 GetCallerByUid(uid, callerName);
622 if (uid == AppControlConstants::EDM_UID) {
623 rule.isEdm = true;
624 }
625 if (userId == Constants::UNSPECIFIED_USERID) {
626 userId = GetCallingUserId();
627 }
628 if (!appControlManager_) {
629 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
630 return ERR_APPEXECFWK_NULL_PTR;
631 }
632 auto ret = appControlManager_->SetDisposedRule(callerName, appId, rule, appIndex, userId);
633 if (ret != ERR_OK) {
634 LOG_W(BMS_TAG_DEFAULT, "SetDisposedRuleForCloneApp error:%{public}d, appIndex:%{public}d", ret, appIndex);
635 }
636 return ret;
637 }
DeleteDisposedRuleForCloneApp(const std::string & appId,int32_t appIndex,int32_t userId)638 ErrCode AppControlManagerHostImpl::DeleteDisposedRuleForCloneApp(const std::string &appId, int32_t appIndex,
639 int32_t userId)
640 {
641 LOG_D(BMS_TAG_DEFAULT, "host begin to DeleteDisposedRuleForCloneApp");
642 if (!BundlePermissionMgr::IsSystemApp()) {
643 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
644 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
645 }
646 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
647 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
648 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
649 }
650 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
651 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
652 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
653 }
654 if (userId == Constants::UNSPECIFIED_USERID) {
655 userId = GetCallingUserId();
656 }
657 if (!appControlManager_) {
658 LOG_E(BMS_TAG_DEFAULT, "appControlManager_ is nullptr");
659 return ERR_APPEXECFWK_NULL_PTR;
660 }
661 ErrCode ret = ERR_OK;
662 if (appIndex == Constants::MAIN_APP_INDEX) {
663 ret = appControlManager_->DeleteDisposedStatus(appId, userId);
664 if (ret != ERR_OK) {
665 LOG_W(BMS_TAG_DEFAULT, "DeleteDisposedStatus error:%{public}d", ret);
666 }
667 }
668 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
669 std::string callerName;
670 GetCallerByUid(uid, callerName);
671 if (userId == Constants::UNSPECIFIED_USERID) {
672 userId = GetCallingUserId();
673 }
674 ret = appControlManager_->DeleteDisposedRule(callerName, appId, appIndex, userId);
675 if (ret != ERR_OK) {
676 LOG_W(BMS_TAG_DEFAULT, "DeleteDisposedRule error:%{public}d, appIndex:%{public}d", ret, appIndex);
677 }
678 return ret;
679 }
680
GetUninstallDisposedRule(const std::string & appIdentifier,int32_t appIndex,int32_t userId,UninstallDisposedRule & rule)681 ErrCode AppControlManagerHostImpl::GetUninstallDisposedRule(const std::string &appIdentifier,
682 int32_t appIndex, int32_t userId, UninstallDisposedRule &rule)
683 {
684 LOG_D(BMS_TAG_DEFAULT, "begin");
685 if (!BundlePermissionMgr::IsSystemApp()) {
686 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
687 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
688 }
689 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
690 PERMISSION_GET_DISPOSED_STATUS})) {
691 LOG_W(BMS_TAG_DEFAULT, "verify get uninstall disposed rule permission failed");
692 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
693 }
694 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
695 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
696 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
697 }
698 if (userId == Constants::UNSPECIFIED_USERID) {
699 userId = GetCallingUserId();
700 }
701 if (!appControlManager_) {
702 LOG_E(BMS_TAG_DEFAULT, "null appControlManager_");
703 return ERR_APPEXECFWK_NULL_PTR;
704 }
705 auto ret = appControlManager_->GetUninstallDisposedRule(appIdentifier, appIndex, userId, rule);
706 if (ret != ERR_OK) {
707 LOG_W(BMS_TAG_DEFAULT, "error:%{public}d, appIndex:%{public}d",
708 ret, appIndex);
709 }
710 return ret;
711 }
712
SetUninstallDisposedRule(const std::string & appIdentifier,const UninstallDisposedRule & rule,int32_t appIndex,int32_t userId)713 ErrCode AppControlManagerHostImpl::SetUninstallDisposedRule(const std::string &appIdentifier,
714 const UninstallDisposedRule &rule, int32_t appIndex, int32_t userId)
715 {
716 LOG_D(BMS_TAG_DEFAULT, "begin");
717 if (!BundlePermissionMgr::IsSystemApp()) {
718 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
719 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
720 }
721 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
722 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
723 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
724 }
725 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
726 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
727 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
728 }
729 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
730 std::string callerName;
731 GetCallerByUid(uid, callerName);
732 if (rule.want == nullptr) {
733 LOG_E(BMS_TAG_DEFAULT, "null want");
734 return ERR_BUNDLE_MANAGER_INVALID_UNINSTALL_RULE;
735 }
736 if (!BundlePermissionMgr::IsNativeTokenType() && callerName != rule.want->GetBundle()) {
737 LOG_E(BMS_TAG_DEFAULT, "callerName is not equal to bundleName in want");
738 return ERR_BUNDLE_MANAGER_INVALID_UNINSTALL_RULE;
739 }
740 if (userId == Constants::UNSPECIFIED_USERID) {
741 userId = GetCallingUserId();
742 }
743 if (!appControlManager_) {
744 LOG_E(BMS_TAG_DEFAULT, "null appControlManager_");
745 return ERR_APPEXECFWK_NULL_PTR;
746 }
747 auto ret = appControlManager_->SetUninstallDisposedRule(callerName, appIdentifier, rule, appIndex, userId);
748 if (ret != ERR_OK) {
749 LOG_W(BMS_TAG_DEFAULT, "error:%{public}d, appIndex:%{public}d",
750 ret, appIndex);
751 }
752 EventInfo info;
753 info.callingName = callerName;
754 info.userId = userId;
755 info.appIds.push_back(appIdentifier);
756 info.rule = rule.ToString();
757 info.operationType = static_cast<int32_t>(OPERATION_TYPE_ENUM::OPERATION_TYPE_ADD_RULE);
758 info.actionType = static_cast<int32_t>(ACTION_TYPE_ENUM::ACTION_TYPE_UNINSTALL_DISPOSE_RULE);
759 info.appIndex = appIndex;
760 EventReport::SendAppControlRuleEvent(info);
761 return ret;
762 }
763
DeleteUninstallDisposedRule(const std::string & appIdentifier,int32_t appIndex,int32_t userId)764 ErrCode AppControlManagerHostImpl::DeleteUninstallDisposedRule(const std::string &appIdentifier, int32_t appIndex,
765 int32_t userId)
766 {
767 LOG_D(BMS_TAG_DEFAULT, "begin");
768 if (!BundlePermissionMgr::IsSystemApp()) {
769 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
770 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
771 }
772 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
773 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
774 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
775 }
776 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
777 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
778 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
779 }
780 if (userId == Constants::UNSPECIFIED_USERID) {
781 userId = GetCallingUserId();
782 }
783 if (!appControlManager_) {
784 LOG_E(BMS_TAG_DEFAULT, "null appControlManager_");
785 return ERR_APPEXECFWK_NULL_PTR;
786 }
787 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
788 std::string callerName;
789 GetCallerByUid(uid, callerName);
790 if (userId == Constants::UNSPECIFIED_USERID) {
791 userId = GetCallingUserId();
792 }
793 auto ret = appControlManager_->DeleteUninstallDisposedRule(callerName, appIdentifier, appIndex, userId);
794 if (ret != ERR_OK) {
795 LOG_W(BMS_TAG_DEFAULT, "error:%{public}d, appIndex:%{public}d", ret, appIndex);
796 }
797 EventInfo info;
798 info.callingName = callerName;
799 info.userId = userId;
800 info.appIds.push_back(appIdentifier);
801 info.operationType = static_cast<int32_t>(OPERATION_TYPE_ENUM::OPERATION_TYPE_REMOVE_RULE);
802 info.actionType = static_cast<int32_t>(ACTION_TYPE_ENUM::ACTION_TYPE_UNINSTALL_DISPOSE_RULE);
803 info.appIndex = appIndex;
804 EventReport::SendAppControlRuleEvent(info);
805 return ret;
806 }
807
808 } // AppExecFwk
809 } // OHOS